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March 2012 


Dear Colleagues, 

I am pleased to share with you the newly revised edition of the DHS Privacy Office’s 
Handbook for Safeguarding Sensitive PII (Handbook) which applies to every DHS 
employee, contractor, detailee, intern and consultant. 

This Handbook provides guidelines to help you safeguard Sensitive Personally 
Identifiable Information (PII) in both paper and electronic form at DHS. Your 
component Privacy Officer, component Privacy Point of Contact (PPOC), Program 
Office, or System Owner may set additional or more specific rules for handling PII, 
particularly Sensitive PII, based on the sensitivity of the information involved. 

The Handbook provides step-by-step guidance on how to identify and protect Sensitive 
PII: 


• In the office, or while traveling or teleworking 

• On a portable electronic device, such as a Blackberry, laptop, or USB 
flash drive 

• When emailing, faxing, or by other electronic transfer 

• When mailing externally, overseas and inter-office 

• When storing on a shared drive or SharePoint 

The Handbook also provides simple instructions on: 

• Encrypting Sensitive PII 

• Securing Sensitive PII when not in use 

• Disposing of Sensitive PII 

By observing these guidelines, you will be doing your part to protect the Sensitive PII of 
our employees, contractors, and the public, and helping to prevent a privacy incident. If 
you have any questions regarding this Handbook, please contact your component Privacy 
Officer or PPOC. You may also call us at 703-235-0780 or email us at privacy@dhs.gov. 

Sincerely, 

_ 

Mary Ellen Callahan 

Chief Privacy Officer 

Chief Freedom of Information Act Officer 

The Privacy Office 

United States Department of Homeland Security 
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Introduction 


As someone who works for or on behalf of the Department of Homeland Security (DHS 
or Department), it is your responsibility to protect information that has been entrusted to 
the Department. An important part of this duty is to ensure that you properly collect, 
access, use, share, and dispose of Personally Identifiable Information (PII). 

You should exercise care when handling all PII. Sensitive PII, however, requires special 
handling because of the increased risk of harm to an individual if it is compromised. 

This Handbook provides minimum standards that apply to every DHS employee, 
contractor, detailee, intern and consultant. 1 Your component Privacy Officer, Privacy 
Point of Contact (PPOC), Program Office, or System Owner may set additional or more 
specific rules for handling PII based on the sensitivity of the information involved. Your 
supervisor or component Privacy Officer or PPOC will be able to direct you to your 
component-specific rules. 

This handbook explains: 

• how to identify PII and Sensitive PII, 

• how to protect Sensitive PII in different contexts and formats, and 

• what to do if you believe Sensitive PII has been compromised. 

Additionally, Appendix A of this handbook gives instructions on how to encrypt a file 
containing Sensitive PII. Appendix B provides answers to frequently asked questions on 
specific procedures for protecting Sensitive PII. And Appendix C includes three useful 
factsheets: one summarizing this handbook, one on protecting Sensitive PII while 
teleworking, and one providing instructions on how to restrict network shared drive 
access. 
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1.0 The difference between Pll and Sensitive Pll 


DHS defines personal inf ormation as “Personally Identifiable Information” or PII, 

which is any information that permits the identity of an individual to be directly or 
indirectly inferred, including any information that is linked or linkable to that individual, 
regardless of whether the individual is a U.S. citizen, legal permanent resident, visitor to 
the U.S., or employee or contractor to the Department. 

Sensitive PII is Personally Identifiable Information, which if lost, compromised, or 
disclosed without authorization, could result in substantial harm, embarrassment, 
inconvenience, or unfairness to an individual. 

Sensitive PII requires stricter handling guidelines because of the increased risk to an 
individual if the data are compromised. 

Some categories of PII are sensitive as stand-alone data elements. Examples include: 
SSN, driver’s license or state identification number, passport number, Alien Registration 
Number, or financial account number. Other data elements such as citizenship or 
immigration status, medical information, ethnic, religious, sexual orientation, or lifestyle 
information, and account passwords, in conjunction with the identity of an individual 
(directly or indirectly inferred), are also Sensitive PII. See the chart on the next page. 
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1.1 Pll That Is Always Sensitive 


What is Pll? 

Pll includes: Name, email, home address, phone # 

Sensitive Pll includes: 

If Stand-Alone: 

If Paired With Another Identifier: 

> Social Security number 

>Citizenship or immigration status 

>Driver’s license or state ID # 

> Medical information 

> Passport number 

> Ethnic or religious affiliation 

>Alien Registration Number 

>Sexual orientation 

>Financial account number 

>Account passwords 

> Biometric identifiers 

>Last 4 digits of SSN 


>Date of birth 


>Criminal history 


>Mother’s maiden name 
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1.2 Pll That Is Sensitive In Certain Contexts 

Context matters. PII that might not include the data elements identified in 1.1 
may still be sensitive and require special handling if it could cause substantial 
harm, embarrassment, inconvenience, or unfairness to an individual. 2 

For example, a collection of names: 

• Is not Sensitive PII if it is a list, file, query result, etc. of: 

o attendees at a public meeting 
o stakeholders who subscribe to a DHS listserv 
o employees and contractors at the DHS Privacy Office 

• Is Sensitive PII if it is a list, file, query result, etc. of: 

o law enforcement personnel, such as investigators, agents, and 
support personnel 

o employees with poor performance ratings 
o undocumented immigrants awaiting deportation proceedings 

1.3 Alien Files and Alien Numbers 

You may access and use Alien Files (A-Files) and their associated A-numbers 
often in fulfilling your duties at DHS. 

• In all contexts, this information is Sensitive PII and must be safeguarded as 
such. 

• You may also use an A-number as a case number for matters pending before 
the Department of Justice, Executive Office of Immigration Review and 
Board of Immigration Appeals, or for immigration matters pending before the 
federal courts. Nothing in this Handbook is intended to interfere with the 
practice of agency personnel with respect to the uses of the A-number in these 
contexts. 

• The kn own location of the alien is the only other PII that may be included in 
the unencrypted emails sent to DHS law enforcement personnel from non- 
DHS staff (e.g., DHS contractors who need to send emails originating outside 
the DHS firewall). 

Note: When non-DHS staff need to send A-numbers to DHS law enforcement 
personnel, and it is not feasible or consistent with operational needs to do so using 
encrypted emails, non-DHS staff may send unencrypted A-numbers to DHS law 
enforcement personnel in order to fulfill their DHS law enforcement and 
immigration enforcement duties. 
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2.0 Safeguarding Sensitive Pll 

You should exercise care when handling all PII. 

Sensitive PII, however, requires special handling 
because of the increased risk of harm to an 
individual if it is compromised. The following 
guidelines explain how you must properly collect, 
access, use, share and dispose of Sensitive PII at 
the Department. 

2.1 Collect Sensitive PII Only as Authorized 

When collecting Sensitive PII, be sure that you have the legal authority to do so, 
and, if required, have a Privacy Act System of Records Notice (SORN) in place 
that describes the information. 

• If you are collecting or maintaining Sensitive PII electronically, be sure to 
check with the DHS Privacy Office or your component Privacy Officer to 
determine if your database or information technology system requires an 
approved Privacy Impact Assessment (PIA), and/or compliance with the 
Federal Information System Management Act (FISMA). 



When collecting PII from members of the public, ensure that all paper or 
electronic forms or processes are reviewed and approved by the DHS Forms 
Manager prior to collection. 

• Collecting personal information from members of the public may trigger 
separate requirements under the Paperwork Reduction Act (PRA) 3 , and may 
also require that the form contain a Privacy Act Statement. 

2.2 Limit Use of Sensitive PII 

Only access or use Sensitive PII when you have a need to know that information, 4 
that is, when your need for the information relates to your official duties. 

• Use must be compatible with notices, such as a SORN, PIA, or Privacy Act 
Statement provided to the individuals from whom the information was 
collected. If you are unsure about whether a specific use is appropriate, you 
should confirm with your supervisor, component Privacy Officer, or PPOC. 5 

• If you work for DHS as a contractor, you must have a nondisclosure 
agreement (NDA) on file with DHS prior to handling Sensitive PII, 6 and 
complete the mandatory online privacy awareness training course. 

• Never browse files containing Sensitive PII out of curiosity or for personal 
reasons. 
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2.3 Minimize Proliferation of Sensitive Pll 

Minimizing proliferation of Sensitive PII helps to keep it more secure and reduces 
the risk of a privacy incident. 

Refer requests for Sensitive PII from members of the media, the public and other 
outside entities, including requests from members of Congress that are not 
requesting on behalf of a committee chair or co-chair, to your component 
Freedom of Information Act (FOIA), Privacy or Disclosure Officer. 7 

Limit the sharing of Sensitive PII : 

• Internally. You are authorized to share Sensitive PII with another DHS 
employee or contractor if the recipient’s need for the information is related to 
his or her official duties. 

• Externally. You are authorized to share Sensitive PII outside of DHS if: 

1. The recipient’s need for the information is related to his or her official 
duties; and 

2. There is a published routine use in the applicable SORN. [All DHS 
SORNs are posted on the DHS Privacy Office website 
(www.dhs.gov/privacvI1 ; and 

3. There is an Information Sharing and Access Agreement or a formal 
Request for Information in place for disclosures of DHS information. 

Creating data extracts of Sensitive PII : 

Do not create unnecessary or duplicative collections of Sensitive PII, such as 
duplicate, ancillary, “shadow,” or “under the radar” files. 

• In some instances, it may be appropriate to create new spreadsheets or 
databases that contain Sensitive PII from a larger file or database. Before 
doing so, consult Attachment S1 in the DHS Sensitive Systems Policy 
Directive 4300A: DHS Policy and Procedures for Managing Computer- 
Readable Extracts Containing Sensitive PII, which can be found on DHS 
Connect . This document outlines DHS policies on how to manage computer 
readable extracts containing Sensitive PII. 

• Unauthorized replication may constitute an unauthorized or illegal Privacy 
Act system of records. Your component Privacy Officer or PPOC should be 
consulted to provide guidance specific to the situation. 

o When you need to print, copy, or extract Sensitive PII from a larger data 
set, limit the new data set to include only the specific data elements you 
need to perform the task at hand. 

o In addition, if you need to create duplicate copies of Sensitive PII to 
perform a particular task or project, delete or destroy them when they are 
no longer needed. 
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2.4 Secure Sensitive Pll 

When you handle, process, transmit, transport and/or store Sensitive PII, you 
should limit the potential for unauthorized disclosure. For example, protect 
against “shoulder surfing” or eavesdropping by being aware of your surroundings 
when processing or discussing Sensitive PII. 

PII in electronic form : 

Sensitive PII should only be accessed via DHS-approved portable electronic 
devices (PEDs) such as laptops, USB flash drives, and external hard drives 
(including contractor-owned equipment or a system that is approved to be used as 
a government system.). 8 PEDs must be encrypted as noted in DHS Sensitive 
Systems Policy Directive 4300A. Personally-owned USB flash drives may not be 
used. 

Personally owned computers should not be used to access, save, store, or host 
Sensitive PII unless you log in through the DHS Virtual Desktop. Each 
Component has a different procedure for accessing the DHS network remotely, so 
please check with your Help Desk. These rules also apply to all individuals on an 
approved telework program. 9 See Appendix C for additional guidance. 

Transporting hard copy PII: 

Obtain authorization from your supervisor before removing documents containing 
Sensitive PII from the workplace. Do not take Sensitive PII home or to any non- 
DHS approved worksite, in either paper or electronic format, unless appropriately 
secured. Paper documents must be under the control of the employee or locked in 
a secure container when not in use. 

Physically secure Sensitive PII when in transit. Do not mail or courier Sensitive 
PII on CDs, DVDs, hard drives, USB flash drives, floppy disks, or other 
removable media unless the data are encrypted. Also, do not pack laptops or 
electronic storage devices in checked baggage or leave them in a car for an 
extended period of time Never leave paper files or electronic devices in plain 
sight in an unattended vehicle. Additionally, do not return failed hard drives to 
vendors for warranty repair or replacement if the device was ever used to store 
Sensitive PII. These devices should be returned to your IT department for proper 
handling. 

Hard copy PII in the workplace : 

Never leave Sensitive PII in hard copy unattended and unsecured. 

Physically secure Sensitive PII (e.g., in a locked drawer, cabinet, desk, or safe) 
when not in use or not otherwise under the control of a person with a need to 
know. Sensitive PII may be stored in a space where access control measures are 
employed to prevent unauthorized access by members of the public or other 
persons without a need to know (e.g., a locked room or floor, or other space 
where access is controlled by a guard, cipher lock, or card reader). But the use of 
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such measures is not a substitute for physically securing Sensitive PII in a locked 
container when not in use. 

Try not to send Sensitive PII using a fax machine. If possible, scan and then 
encrypt the document(s) and email it. If the information must be sent by fax, do 
not send Sensitive PII to a fax machine without contacting the recipient to arrange 
for its receipt. 

Emailing PII : 

Within DHS: You can email Sensitive PII without protection if the recipient’s 
need for the information is related to his or her official duties. However, if you 
have any doubt about that, or to ensure protection, the DHS Privacy Office 
strongly recommends that you password-protect Sensitive PII you email within 
the Department, or redact the Sensitive PII before you email or print it. Some 
components require encryption when emailing Sensitive PII within DHS, so check 
your component’s policy. 

Outside of DHS: Email the Sensitive PII within an encrypted attachment with 
the password provided separately (e.g., by phone, another email, or in person). 

See Appendix A for guidance on encryption techniques, and page 8 for guidelines 
on external sharing of Sensitive PII. 

Storing PII on the shared drive : 

Store Sensitive PII on shared access computer network drives (“shared drives”) 
only if access is restricted to those with a need to know by permissions settings or 
passwords. Refer to Appendix C for the process to control access to a network 
shared drive folder. 
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3.0 Privacy Incident Reporting 

DHS defines a privacy incident as the loss of control, 
compromise, unauthorized disclosure, unauthorized 
acquisition, unauthorized access, or any similar term 
referring to situations where persons, other than 
authorized users and for an unauthorized purpose, have 
access or potential access to PII in usable form, 
whether physical or electronic. The term encompasses 
both suspected and confirmed incidents, whether 
intentional or inadvertent, involving PII which raise a 
reasonable risk of harm . 10 



3.1 How to Report a Privacy Incident: 

• You must report all privacy incidents, whether suspected or confirmed, to 
your supervisor immediately . If your supervisor is unavailable, or if there is a 
potential conflict of interest, report the incident to your Program Manager, 
Help Desk, component privacy officer, or PPOC. 

• Document or maintain records of information and actions relevant to the 
incident, as they may be required in the privacy incident handling report. 

• Any alleged violations that may constitute criminal misconduct, identity theft 
or other serious misconduct, or reflect systemic violations within the 
Department, will be reported to the DHS Office of the Inspector General 
(OIG) as part of the privacy incident reporting process. 

3.2 Do Not Further Compromise the Information 

Beware of these common mistakes so that your response to a privacy incident 

does not cause another incident: 

• Do not forward compromised information (e.g., SSN, full name, birth date, 
etc.) when reporting an incident. 

• If and when the compromised Sensitive PII is needed by your supervisor, 
PPOC, Information System Security Manager (ISSM), or the Help Desk in 
order to respond to an incident, you will be given instructions regarding the 
individual to send it to. 

• If you see Sensitive PII in an email that you suspect constitutes a privacy 
incident, remember that the information is duplicated and further 
compromised if you forward or reply to it. 

To obtain more information on privacy incident reporting, download the Privacy 
Incident Handling Guidance at www.dhs.gov/privacy. 
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Appendix A: Encrypting a File 


Encryption is the process of changing plain text into cipher text for the purpose of 
security or privacy. Until the Department adopts public key infrastructure (PKI), you 
have two options for file encryption: WinZip 12.0 and Adobe Acrobat 9 Pro (for 
PDFs). WinZip 12.0 uses 256-bit encryption which is the Department standard. 

NOTE : WinZip version 12.0 only applies to DHS Headquarters’ LAN A 
infrastructure. Contact your component IT Help Desk to obtain the preferred file 
encryption method. The recipient of a WinZip encrypted file will need WinZip 
software in order to open the file. 

To Encrypt a File using WinZip 12.0: 

1. Save the file that needs to be encrypted. 

2. Open up Windows Explorer and locate the file. 

3. Right click on the file 

4. Select “WinZip, Add to Zip file...” 

5. The “Add” dialog box will open (pictured below). 

6. The “Add to archive” box should be automatically populated with your file path. 
If not, select “New” and pick the path where the zipped file will reside. Insert the 
name of the “File name” box and click “OK.” 

7. In the “Action” box, select “Add (and replace) files.” 

8. In the “Compression” box, select “.Zip: Legacy compression (maximum 
compatibility).” 

9. In “Split Zip file” box, select “Don’t split.” 

10. In the “Options” area, click the “Encrypt added files” check box and uncheck 
the “Include system and hidden files” box. 

11. In the “Archive Attributes” area, do not select either option. 

12. Click the “Add” button. 
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13. Click the “OK” button on the “WinZip Caution” dialogue box. 

14. On the “Encrypt” dialogue box, enter a string of characters as a password 
composed of letters, numbers, and special characters (a minimum 8 characters, a 
maximum of 64) in the “Enter password” box. 



15. Retype the password in the “Re-enter password (for confirmation)” box. 

16. Check the “Hide the password” checkbox if it has not already been checked. 

17. Select the “256-Bit AES encryption” radio button. 

18. Click “OK.” 

19. You have successfully created the new Zip file which has the file encrypted and 
password protected in it. The new Zip file can now be attached to an email. 

NOTE: In a SEPARATE medium (i.e. by phone or in person), send the password to 
the recipients of the email. As a last resort, the password can either be sent out by 
email prior to sending the file, or afterwards, but NEVER in the same email to which 
the file is attached. 
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To Encrypt a PDF File using Adobe Acrobat 9 Pro: 

NOTE: Adobe Acrobat Professional software must be purchased. The recipient of the 
encrypted file will need Adobe Reader 9 or higher in order to open the file. Adobe 
Reader 9 or higher can be downloaded for free from Adobe’s website 
(http://www.adobe.com/) . 

1. Open up Windows Explorer and locate the file. 

2. Make sure the file is in PDF format. If not, right click on the file and click 
“Convert to Adobe PDF” to save the file with a PDF extension. 

3. With the PDF file open in Adobe Acrobat 9 Pro, click "Advanced, Security, 
Encrypt with Password" (pictured below). 


1 a SF-86 TEMPLATE.pdf - Adobe Acrobat Pro 

File Edit View Document Comments Forms lools 

Advanced Window Help 

i Create * Combine » , j Secure » > 

Accessibility ► 

Sign & Certify ► 

1 Comment * 



D9 j ^♦ n - > 21 

2 a Security 

<£ i Encrypt with Certificate 

Security Settings... 

Manage Trusted Identities... 

Extend Features in Adobe Reader... 

2 Encrypt with Password 

|^] Please Pill out the Following form. If you are a form 

Manage Security Policies... 

Show Security Properties 

Remove Security 

Adobe LiveCyde Rights Management ► 

Standard Form 86 

Revised July 2008 

U S. Office of Personnel Managem 
5 CFR Parts 731, 732, and 736 

Print Production ► 

Redaction ► 

Document Processing ► 

Web Capture ► 

Import Security Settings 

Export Security Settings 

PDF Optimizer... 

Create Security Envelope... 


4. Click “Yes” when prompted to change the security on the document (pictured 
below). 



5. Set “Compatibility” to “Acrobat 9.0 or later” so that the encryption level is 
256-bit AES. Ensure that "Encrypt all document contents" is selected. 

6. Check the box labeled "Require a password to open the document." 

7. Enter a password in the "Document Open Password" field. Please make sure the 
password is at least 8 characters long and is a combination of letters, numbers, 
and special characters. Click OK (pictured below). 
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Password Security - Settings 


Compatibility; Acrobat 9.0 and later 


H 


*J 


Encryption Level: 256-bit AES 

Select Document Components to Encrypt- 

(* Encrypt all document contents 

C Encrypt all document contents except metadata (Acrobat 6 and later compatible) 

C Encrypt only file attachments (Acrobat 7 and later compatible) 

^ All contents of the document will be encrypted and search engines will not be able to access the document's metadata. 


W Require a password to open the document 
Document Open Password: 

This password will be required to open the document. 

-Permissions 

V Restrict editing and printing of the document. A password will be required in order to change these permission settings. 
Change Permissions Password: |~ 

Printing Allowed: | High Resolution 
Changes Allowed: J Any except extracting pages 
W Enable copying of text, images, and other content 
R Enable text access for screen reader devices forthe visually impaired 


3 

3 


Help 


OK 


Cancel 


8. In the Adobe Acrobat - Confirm Document Open Password box, retype the 
password in the “Document Open Password” field. 

9. Click OK if you see a message that the settings do not take effect until the 
document is saved. 

10. Record the password since you will need to provide it to the recipient so that he or 
she can open the file. 

NOTE: If you are encrypting a form, click “Advanced, Extend Features in Adobe 
Reader, Save Now, Save” before closing the PDF document. This enables recipients 
with only Adobe Reader to type and save form data. This must be the last step, as 
changes to password encryption and page layout cannot be made after extending 
features. (If necessary, this feature can be undone by clicking File, Save as Copy, 
Save.) 

11. Close the PDF document (by clicking File, Close, or the small bold x near the 
upper right comer). Or, you can close Adobe Acrobat program entirely (by 
clicking File, Exit, or the big [X] button in the upper right comer). 

12. The new encrypted PDF file and password can now be sent to the user. 


NOTE: In a SEPARATE medium (i.e. by phone or in person), provide the password to 
the recipients of the email. As a last resort, the password can either be sent out by email 
prior to sending the file, or afterwards, but NEVER in the same email to which the file is 
attached. 
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Appendix B: 

Frequently 
Asked 
Questions 

These FAQs provide 
guidelines on how to 
protect Sensitive PII. 

You may also consult 
Appendix C for the 
Safeguarding 
Sensitive PII 
Factsheet, which 
su mm arizes these 
rules. 

1. How can I protect Sensitive PII... 

A. In the office? 

• Physically secure Sensitive PII (e.g., in a locked drawer, cabinet, desk, or safe) 
when not in use or not otherwise under the control of a person with a need to 
know. Sensitive PII may be stored in a space where access control measures are 
employed to prevent unauthorized access by members of the public or other 
persons without a need to know (e.g., a locked room or floor, or other space 
where access is controlled by a guard, cipher lock, or card reader). But the use of 
such measures is not a substitute for physically securing Sensitive PII in a locked 
container when not in use. 

• Never leave Sensitive PII unattended on a desk, network printer, fax machine, or 
copier. 

• Use a privacy screen if you regularly access Sensitive PII in an unsecured area 
where those without a need to know or members of the public can see your 
screen, such as in a reception area. 

o Lock your computer when you leave your desk. Depending on your 

equipment, you may lock your computer by (1) holding down “10”+ “L”, (2) 
holding down “Ctrl”+ “Alt” + “Delete” and then hitting “Enter”, or (3) by 
removing your Personal Identity Verification (PIV) Card from your keyboard. 

o Do not permit your computer to remember passwords. 

• Avoid discussing Sensitive PII in person or over the telephone when you’re 
within earshot of anyone who does not need to know the information. 

o If you must discuss Sensitive PII using a speakerphone, phone bridge or video 
teleconference, do so only if you are in a location where those without a need 
to know cannot overhear. 
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o Keep in mind that phone conversations are easily overheard between cubicles, 
so Sensitive PII is most securely discussed in an office or conference room 
behind a closed door. 

o Remember that some places that seem private still pose a risk for unauthorized 
disclosure, such as in a taxicab or the DHS shuttle. 

B. While traveling? 

• Sensitive PII should only be accessed via DHS-approved PEDs such as laptops, 
Blackberrys, USB flash drives, and external hard drives, all of which must be 
encrypted as noted in DHS Sensitive Systems Policy Directive 4300A. 

• Personally owned computers should not be used to access, save, store, or host 
Sensitive PII unless you log in through the DHS Virtual Desktop. Each 
Component has a different procedure for accessing the DHS network remotely, so 
please check with your Help Desk. 

• When transporting your laptop or PED: 

o If you must leave it in a car, lock it in the trunk so that it is out of sight. Do 
not leave your laptop or PED in a car overnight. 

o Do not store a laptop or PED in an airport, a train or bus station, or any public 
locker. 

o Avoid leaving a laptop or PED in a hotel room. If you must leave it in a hotel 
room, lock it inside an in-room safe or a piece of luggage. 

o At airport security, place your laptop or PED on the conveyor belt only after 
the belongings of the person ahead of you have cleared the scanner. If you are 
delayed, keep your eye on it until you can pick it up. Never place a PED in 
checked luggage. 

o If your PED is lost or stolen, report it as a lost asset following your component 
reporting procedures. 

C. While teleworking? 

• Sensitive PII should only be accessed via DHS-approved PEDs such as laptops, 
Blackberrys, USB flash drives, and external hard drives, all of which must be 
encrypted as noted in DHS Sensitive Systems Policy Directive 4300A. 

• Personally owned computers should not be used to access, save, store, or host 
Sensitive PII unless you log in through the DHS Virtual Desktop. 

o Each Component has a different procedure for accessing the DHS network 
remotely, so please check with your Help Desk, 
o Don’t transfer files to your home computer or print agency records on your 
home printer. 

o Don’t forward emails containing Sensitive PII to your personal email account 
(e.g., your Yahoo, Gmail, or AOL e-mail account) so that you can work on it 
on your home computer. 

o These rules also apply to all individuals on an approved telework program. 11 

• Obtain authorization from your supervisor to remove documents containing 
Sensitive PII from the office. 
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• Secure your PED and any 
hard copy Sensitive PII 
while teleworking, and 
ensure that other 
household members 
cannot access them. 

Consult Appendix C for more 
details on how to protect Sensitive 
PII while teleworking. 



D. In email or other 
electronic transfer? 

Within DHS : You can email Sensitive PII without protection if the recipient’s need 
for the information is related to his or her official duties. However, if you have any 
doubt about that, or to ensure protection, the DHS Privacy Office strongly 
recommends that you password-protect Sensitive PII you email within the 
Department, or redact the Sensitive PII before you email or print it. Some 
components require encryption when emailing Sensitive PII within DHS, so check 
your component’s policy. 

Outside of DHS : Email the Sensitive PII within an encrypted attachment with the 
password provided separately (e.g., by phone, another email, or in person). See 
Appendix A for guidance on encryption techniques, and page 8 for guidelines on 
external sharing of Sensitive PII. 

E. When sending via facsimile (fax)? 

• Avoid faxing Sensitive PII if at all possible. If you must use a fax to transmit 
Sensitive PII, use a secured fax line, if available. Alert the recipient prior to faxing so 
they can retrieve it as it is received by the machine. After sending the fax, verify that 
the recipient received the fax. 

F. In the interoffice mail? 

• Sensitive PII should be sent in accordance with your Component’s interoffice mail 
procedures, or by DHS courier. Consult your supervisor for your office’s 
accountable interoffice mail procedures. Verify that the recipient received the 
information. 
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G. In the outgoing mail? 

• For mailings containing a small amount of Sensitive PII materials (such as individual 
employee actions): 

o Seal Sensitive PII materials in an opaque envelope or container. 

o Mail Sensitive PII materials using the U.S. Postal Service’s First Class Mail, 
Priority Mail, or an accountable commercial delivery service (e.g., UPS). 

• For large data extracts, database transfers, backup tape transfers, or similar collections 
of Sensitive PII: 

o Encrypt the data (if possible) and use a receipted delivery service (i.e., Return 
Receipt, Certified or Registered mail) or a tracking service (e.g., "Track & 
Return") to ensure secure delivery is made to the appropriate recipient. 

H. When mailing overseas? 

• When serviced by a military postal facility (e.g., Army Post Office/Fleet Post Office), 
send Sensitive PII materials directly to the office via the U.S. Postal Service’s First 
Class Mail. 

• Where the overseas office is not serviced by a military postal facility, send the 
Sensitive PII materials through the Department of State diplomatic courier. 

/. On my office shared drive, SharePoint site, intranet, or public 
websites? 

• Do not post Sensitive PII on the DHS intranet, component intranet sites, SharePoint 
collaboration sites, shared drives, multi-access calendars, or on the Internet (including 
social networking sites) that can be accessed by individuals who do not have a “need 
to know.” 

• See Appendix C for the process to control access to a network shared drive, or consult 
your component Help Desk for assistance. 

• For SharePoint collaboration site use, please consult the DHS/ALL/Privacy Impact 
Assessment (PIA)-037 found at www.dhs.gov/privacy. This PIA sets out minimum 
standards for SharePoint privacy and security requirements. DHS components may 
build more detailed controls and technical enhancements into their respective sites, so 
please contact your component Privacy Officer before establishing a new 
collaboration site that will contain PII. 
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2. How can I minimize my use of Sensitive Pll? 

Whenever possible, minimize the duplication and dissemination of electronic files and 

papers containing Sensitive PII. 

• If you need to use a unique number or data element to identify individuals, use email 
addresses or case record numbers instead of Social Security numbers. 

• Only print, extract, or copy Sensitive PII when the risk is justified by an official need 
that is not easily met using other means. 

o For example, if you need to generate a list of employees and their salaries in a 
particular office for a project, query the payroll database to return only those 
employees’ names and salaries (and not, for example, other sensitive data such as 
SSNs). If you cannot customize the reports generated by a database, consider 
loading the results into an Excel spreadsheet and deleting the data you do not need 
before saving the file and distributing it to others. For more information, consult 
Attachment SI in the DHS Sensitive Systems Policy Directive 4300A: DHS Policy 
and Procedures for Managing Computer-Readable Extracts Containing Sensitive 
PII, which can be found on DHS Connect , 
o Before emailing, printing or making paper copies, redact Sensitive PII that is not 
necessary for your immediate use or for a recipient to see. 

3. Why shouldn’t I store Sensitive PII on unauthorized equipment? 

• DHS issued or approved PEDs such as laptops, Blackberrys, USB flash drives, and 
external hard drives, are encrypted. 13 Encryption protects the data on the device from 
being accessed by an unauthorized user if the device is lost or stolen. 

• Non-government issued equipment, even if encrypted, may have unauthorized 
software or allow an unauthorized person to access the data. This equipment may 
also have viruses, spyware, or other technology that may cause harm to the DHS 
network, and could allow unauthorized access to DHS information, including 
Sensitive PII, if the non-government issued equipment is connected to the DHS 
network. 

4. How do I secure Sensitive PII that cannot be encrypted, such as 
paper copies or some external media? 

• Sensitive PII in hard copy or stored on external media must be kept in a locked 
compartment, such as filing cabinet or desk drawer. Alternatively, hard copies can be 
scanned and password protected or encrypted. External media can be mailed using 
the instructions outlined in this document. 

5. What are my responsibilities when requesting or receiving 
Sensitive PII? 

When collecting Sensitive PII from members of the public, use only an OMB-approved 14 

paper or electronic form, and collect Sensitive PII directly from the individual to the 

extent possible. 
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• For example, if a DHS employee needs to submit information about a visitor to have 
him or her cleared to enter a DHS facility, the visitor should fill out his or her portion 
of the approved visitor form whenever possible. 15 This will limit unnecessary 
dissemination of that individual’s personal data, and will also allow him or her to be 
aware of what information is being collected, to consent to releasing that information, 
and to receive notice as required by the Privacy Act of the uses and purpose for 
collecting the information. 

• Asa best practice, every request you make for Sensitive PII should be accompanied 
by a reminder of how to properly secure the information. DHS suggests the 
following reminder when requesting information from someone outside of DHS: 

“The information I have requested is Sensitive Personally Identifiable 
Information. To properly secure this information, please send it within an 
encrypted and password-protected attachment with the password provided under 
a separate cover, such as in person, by phone, or in a separate email. ” 

• If someone sends you Sensitive PII in an unprotected manner, you must protect that 
data in the same manner as all Sensitive PII you handle once you receive it. 

o For example, if someone outside of DHS sends unsecured Sensitive PII in the 
body of an email to you, you must encrypt that data if you wish to email it to 
another non-DHS recipient. 

o The DHS Privacy Office strongly recommends that you password-protect 

Sensitive PII you share within the Department, or redact the Sensitive PII before 
you share or print it. 

6. When and how should I destroy materials containing Sensitive PII? 

Follow retention and disposal policies : 

Sensitive PII, including archived emails 16 
containing Sensitive PII, shall be 
destroyed when retention of the data is no 
longer required, consistent with applicable 
record retention schedules 17 or as 
identified in the applicable SORN or PIA 
published on www.dhs.gov/privacy . 


o Printed material must destroyed using an approved shredder or “bum bag.” 
Secure bum bags containing Sensitive PII that are awaiting removal. 

o All Sensitive PII on diskettes must be permanently erased or destroyed according 
to your ISSM’s standards before re-use. 

o PEDs containing Sensitive PII must be sanitized according to your ISSM’s 
standards when no longer needed by an employee or contractor. 
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Appendix C: Helpful Documents 


At the end of this document you will find three helpful factsheets: 


1 . How to Safeguard Sensitive Personally Identifiable Information : summarizes the 
key points in this Handbook. 

2. Protecting PII: Telework Best Practices : details the steps to protect Sensitive PII 
while working remotely. 

3. Controlling Access to a Network Shared Drive Folder, details the steps to restrict 
access to a particular folder within your shared drive that may contain Sensitive PII. 
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Endnotes 


1 As required by OMB M-07-16, these rules also apply to DHS licensees, certificate holders, and grantees 
that handle or collect PII, including Sensitive PII, for or on behalf of DHS. 

2 Subsection (e)(10) of the Privacy Act of 1974, as amended (5 USC § 552a) states that “[ejach agency that 
maintains a system of records shall.. .establish appropriate administrative, technical, and physical 
safeguards to insure the security and confidentiality of records and to protect against any anticipated threats 
or hazards to their security or integrity which could result in substantial harm, embarrassment, 
inconvenience, or unfairness to any individual on whom information is maintained.” 

3 For more information about the Paperwork Reduction Act (PRA) (44 U.S.C. 3501 et seq.), contact the 
DHS PRA Program Office at DHSPRA@hq.dhs.gov. 

4 DHS Management Directive 11042.1: Safeguarding Sensitive But Unclassified (For Official Use Only) 
Information defines need to know as the determination made by an authorized holder of information that a 
prospective recipient requires access to specific information in order to perform or assist in a lawful and 
authorized Governmental function, i.e., access is required for the performance of official duties. 

5 Depending on your role in the Department, the appropriate supervisor may be your Program Manager, 
Director, Privacy Officer, or ISSM. You are also encouraged to contact the DHS Privacy Office at 
privacy@dhs.gov if you need assistance locating the person who can respond to your privacy questions, 
have privacy issues that need escalation, clarification, or resolution, or if you need your concern to be kept 
confidential. Also, you should refer to the DHS Office of Inspector General (OIG) any alleged violations of 
the terms of this document that may constitute criminal misconduct, identity theft, or other serious 
misconduct, or reflect systemic violations within the department. You can contact the OIG by writing to 
DHS Office of Inspector General/MAIL STOP 2600, Attention: Office of Investigations - Hotline, 245 
Murray Drive, SW, Building 410, Washington, DC 20528. You can also fax the information to (202) 254- 
4292, or email DHSOIGHotline@dhs.gov. 

6 NDAs are generally obtained from DHS contractors prior to those individuals being issued a badge and/or 
access to DHS systems, as part of the security on boarding process. 

7 If you are unsure to whom to refer the request, contact your supervisor or the FOIA office at 
FOIA@dhs.gov. 

8 DHS Sensitive Systems Policy Directive 4300A, section 4.8.3 (b) states that “equipment that is not owned 
or leased by the Federal Government, or operated by a contractor on behalf of the Federal Government, 
shall not be connected to DHS equipment or networks without the written prior approval of the Component 
ISSM.” 

9 DHS Management Directive 3070.2, Telework Directive, specifies that “[tjeleworking employees are 
subject to ensuring that records subject to Privacy Act and sensitive or classified data are not disclosed to 
anyone except those who are authorized access to such information in order to perform their duties.” 

14 To obtain more information on privacy incident reporting, download the Privacy Incident Handling 
Guidance at www.dhs.gov/privacy . 

11 DHS Management Directive 3070.2, Telework Directive, specifies that “[tjeleworking employees are 
subject to ensuring that records subject to Privacy Act and sensitive or classified data are not disclosed to 
anyone except those who are authorized access to such information in order to perform their duties.” 

12 For more information on accountable interoffice mail, see the Outgoing Mail Policies and Services 
section of the DHS Executive Secretariat Handbook or contact the DHS mailroom. If your office does not 
participate in DHS HQ interoffice mail, consult your supervisor for your local accountable interoffice mail 
procedures. 

13 OMB Memorandum M-06-16 requires that all agencies “[ejncrypt all data on mobile computers/devices 
which carry agency data unless the data is determined to be non-sensitive, in writing, by your Deputy 
Secretary or an individual he/she may designate in writing.” Encryption of all mobile computing devices is 
required by DHS Sensitive Systems Policy Directive 4300A. If you are issued a portable electronic device 
which you believe may not be encrypted, contact your component ISSM. 

14 See OMB Office Of Information And Regulatory Affairs Inventory Of Approved Information Collections 
at www.whitehouse.gov/omb for a list of OMB-approved forms. 

15 Subsection (e)(2) of the Privacy Act of 1974, as amended (5 USC § 552a) states that “[ejach agency that 
maintains a system of records shall.. .collect information to the greatest extent practicable directly from the 
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subject individual when the information may result in adverse determinations about an individual’s rights, 
benefits, and privileges under Federal programs.” 

16 Archived emails in this context include only those that the user manages, not those saved as part of 
system backups by system administrators. 

17 For questions about record retention schedules, contact your Component Records Officer or 
DHSRecordsManagement@HQ.DHS.GOV. 
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The Privacy Office 

U.S. Department of Homeland Security 

Washington, DC 20528 



HOW TO SAFEGUARD SENSITIVE PERSONALLY IDENTIFIABLE INFORMATION 


This fact sheet helps you safeguard Sensitive Personally Identifiable Information (Pll) in paper and electronic form during 
your everyday work activities. DHS employees, contractors, consultants, interns, and detailees are required by law and 
DHS policy to properly collect, access, use, safeguard, share, and dispose of Pll in order to protect the privacy of individuals. 


What is Pll? 

Pll is any information that permits the identity of an individual to be directly or indirectly inferred, including any 
information which is linked or linkable to an individual. Some Pll is not sensitive, such as that found on a business card. 
Other Pll is Sensitive Pll, which if lost, compromised, or disclosed without authorization, could result in substantial 
harm, embarrassment, inconvenience, or unfairness to an individual. Sensitive Pll requires stricter handling guidelines, 
which are detailed below. 

Examples of Sensitive Pll include: Social Security numbers (SSN), Alien Registration Numbers (A-number), financial 
account numbers, and biometric identifiers (e.g., fingerprint, iris scan). Other data elements such as citizenship or 
immigration status, account passwords, and medical information, in conjunction with the identity of an individual, are 
also considered Sensitive Pll. The context of the Pll may also determine its sensitivity, such as a list of employees with 
poor performance ratings. 


Guidelines for Safeguarding Sensitive Pll 



Before collecting or maintaining Sensitive Pll, be sure that: (1) you have the authority to do so; (2) the data collection is 
consistent with the terms of a Privacy Act System of Records Notice (SORN); and (3) your database or information- 
technology system has an approved Privacy Impact Assessment. Access to Sensitive Pll is based upon your having an 
official need to know, i.e., when the information relates to your official duties. Limit your access to only the Sensitive Pll 
needed to do your job. 

• Ensure that casual visitors, passersby, and other individuals without an official need to know cannot access or 
view documents containing Sensitive Pll. If you leave your work area for any reason, activate your computer's 
screen saver. 

• Ensure privacy while having intra-office or telephone conversations regarding Sensitive Pll. 

• Do not post Sensitive Pll on the DHS intranet, the Internet, social networking sites, shared drives, SharePoint, or 
multi-access calendars accessible to individuals without an official need to know or proper authorization. 

• Do not share account information, especially logins or passwords, with anyone. Do not have login or password 
information accessible to others (such as on a sticky note on your computer). 

• Be alert to phone calls or emails from individuals claiming to be DHS employees attempting to gather or verify 
personal or non-public information. DHS will never ask you to verify your account login, password, or personal 
information by email or over the phone. 


d 



Limit duplication of Sensitive Pll : Before creating new spreadsheets or databases that contain Sensitive Pll from a larger 
file or database, consult the DHS Sensitive Systems Policy Directive 4300A, Attachment SI. 

Protect hard-copy Sensitive Pll : Do not leave Sensitive Pll unattended on desks, printers, fax machines, or copiers. 
Secure Sensitive Pll in a locked desk drawer, file cabinet, or similar locked enclosure when not in use. When using 
Sensitive Pll, keep it in an area where access is controlled and limited to persons with an official need to know. Avoid 
faxing Sensitive Pll if other options are available. 










SafeguardDHS media : Sensitive Pll may only be saved, stored, or hosted on DHS-approved portable electronic devices 
(PEDs), such as laptops, USB flash drives, and external hard drives. All portable media must be encrypted pursuant to 
DHS Sensitive Systems Policy Directive 4300A. Personal computers may not be used unless you log in through the DHS 
Virtual Desktop. If you need to transport your laptop or PED and must leave it in a car, lock it in the trunk and out of 
sight. Do not leave your laptop or PED in a car overnight. If lost or stolen, immediately report the missing asset 
according to your component's reporting procedures. 


III. Sharing Sensitive Pll 


You are authorized to share Pll outside of DHS only if there is a published routine use in the applicable SORN and an 
information sharing and access agreement that applies to the information. 


Emailing Sensitive Pll 

• Within DHS : Though DHS policy allows you to email Sensitive 
Pll without protection to a recipient with an official need to 
know, some components do require encryption. The DHS 
Privacy Office strongly recommends that you redact, password- 
protect, or encrypt Sensitive Pll you email within DHS. 

• Outside DHS : Email Sensitive Pll within an encrypted 
attachment with the password provided separately by phone, 
email, or in person. Before emailing Sensitive Pll, confirm that 
you have the correct email address. 

• Never email Sensitive Pll to personal email accounts : Personal 
computers should not be used to access, save, store, or host 
Sensitive Pll unless you log in through the DHS Virtual Desktop. 
Each component has different procedures for accessing the 
DHS network remotely, so check with your Help Desk. 


Mailing Sensitive Pll 

Encrypt Sensitive Pll stored on CDs, DVDs, 
hard drives, USB flash drives, floppy disks, 
and other removable media prior to mailing 
or sharing. Always verify that the recipient 
received the information. Note that FOIA 
requests may require different handling. 

• Within DHS : Mail Sensitive Pll in a blue 
messenger envelope provided by your 
on-site DHS mailroom or courier. 

• External Mail : Seal Sensitive Pll in an 
opaque envelope or container. Use First 
Class Mail, Priority Mail, or a traceable 
commercial delivery service (UPS, 

FedEx). 


IV. Disposing of Sensitive Pll 


Sensitive Pll, including that found in archived emails, must be disposed of when no longer required, consistent with the 
applicable records disposition schedules. If destruction is required, take the following steps: 

• Shred paper containing Sensitive Pll; do not recycle or place in garbage containers. Be especially alert during 
office moves and times of transition when large numbers of records are at risk. 

• Before transferring your computer or PED to another employee, ask your Help Desk to sanitize Sensitive Pll from 
computer drives and other electronic storage devices according to your component's information security 
standards and the DHS 4300A Sensitive Systems Handbook. 


V. Reporting Privacy Incidents 


You must immediately report all suspected or confirmed privacy incidents involving the loss or compromise of all Pll to 
your supervisor. If your supervisor is unavailable, or if there is a potential conflict of interest, DON'T WAIT! Report the 
incident to your Program Manager, Help Desk, component privacy officer or privacy point of contact. For more 
information on reporting privacy incidents, download the Privacy Incident Handling Guidance on DHS Connect or 
www.dhs.gov/privacy . 

For More Information 

For more detailed guidelines on the safe handling of Sensitive Pll, download the Handbook for Safeguarding Sensitive Pll 
from www.dhs.gov/privacy . 


Website: www.dhs.gov/privacy Email: privacy@dhs.gov Revised October 2012 
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Protecting PII: Telework Best Practices 


Teleworking and Information Security 

Telework presents many benefits to the federal workforce, such as managing 
commutes, saving taxpayer money by decreasing government real estate, and 
ensuring continuity of essential government functions in the event of emergencies. 
While telework allows for greater flexibility in managing our workforce, there are 
risks to privacy and information security 1 that are inherent with a remote 
workforce. Information security policies do not change when an employee works 
from home. It is the duty of the employee to safeguard Sensitive information, 
including personally identifiable information (PII ), 2 while teleworking. 

Safeguarding Sensitive PII 

Effective teleworking begins with having a signed telework agreement in place. 
Work with your supervisor to determine what types of documents are appropriate to 
take home and what documents should stay secured within the DHS work space. 
Know the sensitivity of your documents, and make sure they are appropriately 
marked to help mitigate the risk of unauthorized disclosure. 

One of the most effective ways to safeguard documents containing Sensitive PII is 
to keep electronic documents within the DHS network and to properly secure hard 
copy documents that you take outside of the DHS work space. Stay within the 
network by logging in remotely through the DHS Virtual Desktop*, whether you 
use your DHS-issued laptop or your personal computer. If you choose to work 
from your personal computer, do not forward documents to your personal email 
account as a way to avoid issues such as slow network connectivity or the inability 
to print. While there may be instances where you need to send information to an 
individual’s personal account (i.e. job applicant), forwarding unencrypted emails to 
your own personal email account or sending unencrypted documents outside the 
DHS network that contain Sensitive PII is considered a privacy incident (or data 
breach). 

If you know you will be teleworking, identify the files you may need to work on in 


1 The Federal Information Security Management Act of 2002 (FISMA) defines information security as protecting 
information and information systems from unauthorized access, use, disclosure, disruption, modification, or 
destruction in order to provide (A) integrity, which means guarding against improper information modification or 
destruction and includes ensuring information nonrepudiation and authenticity; (B) confidentiality, which means 
preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and 
proprietary information; and (C) availability, which means ensuring timely and reliable access to and use of 
information. 

2 PII is any information that can directly or indirectly lead to the identification of an individual. Sensitive PII is 
defined as personally identifiable information, which if lost, compromised, or disclosed without authorization, 
could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. 


advance, and organize them on your network drive or DHS laptop so that they will 
be easily accessible to you while teleworking. You may also want to take advantage 
of DHS-approved collaboration tools, such as SharePoint, to easily access files 
while teleworking. However, before using SharePoint to store Sensitive PII, make 
sure your site has been approved for such use and that access is limited to only 
those individuals whose need for the information is related to his or her official 
duties. Have a back-up plan in mind in case you experience issues with network 
connectivity, but never transfer files to your personal computer using thumb drives 
or other portable electronic devices. 

Be able to secure your DHS equipment and information at all times, including 
while transporting information home or while traveling. If you must leave 
equipment or documents unattended, secure them (i.e. in the trunk of your car, in a 
hotel safe, etc.), but only for short periods of time. Inventory your documents 
before teleworking, and ensure all documents are returned to the office. 

Examples of Privacy Incidents Associated with Telework 

Know how to recognize a privacy incident and how to report it. 

• Sending an email containing Sensitive PII to your personal email account. 

• Sending unencrypted Sensitive PII outside the DHS network (i.e., to another 
agency, to a private sector partner, to a potential hire). 

• Allowing family members access to documents containing Sensitive PII. 

• Printing documents containing Sensitive PII to your personal printer. 

• Using a thumb drive or other device to transfer data (i.e., Sensitive PII) to your 
personal computer. 

Report any suspected or confirmed privacy incidents 
to your supervisor 
or your component Help Desk. 
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WHEN 

DO 

DON’T 

WHY 

Before you 
telework... 

Plan ahead to ensure that Sensitive documents can 

be safely accessed remotely. Organize your files so 
that they are easily accessible via the DHS Virtual 
Desktop*. Use DHS-approved, portable electronic 
devices, which are encrypted, thereby adding a layer 
of protection to your data. 

X Don’t forward emails to your personal email account 
or use non-approved portable electronic devices. 

Have a back-up plan in case you experience issues with 
network connectivity, but never transfer or download 
data to your personal computer, personal email account, 
or to non-encrypted devices. 

When you remove data from the DHS network, 

DHS cannot protect it. There may be instances 
where you need to send Sensitive PII to job 
applicants or individuals without DHS accounts, but 
it must be encrypted. To send it unencrypted is 
considered a privacy incident. 

Obtain authorization from your supervisor to take 
home Sensitive documents, and make sure 
documents containing Sensitive PII are marked 
“For Official Use Only” or “Privacy Data.” 

Inventory your hard copy documents when you leave 
the office and before you return them to the office. 

X Don’t take Sensitive PII home that you do not need. 

Limit your removal of Sensitive PII from the office to 
only that information that is relevant and necessary to 
the work outlined in your telework agreement. 

Hard copy documents are easily lost or misplaced, 
putting Sensitive PII at risk. Conducting an 
inventory and properly marking documents helps 
mitigate the risk of unauthorized disclosure. 

Transport 

of 

documents 

V Be able to secure Sensitive data when not in use. 

If you must leave your laptop or hard copy documents 
inside a vehicle, lock them in the trunk but only for 
short periods of time. When traveling, place Sensitive 

data in a hotel safe when not in use. 

X Don’t leave your laptop or hard copy documents 
unattended overnight. 

Maintain accountability of your data by ensuring 

documents are secured when not in use. 

Failure to maintain accountability of Sensitive PII 
can lead to loss, theft, or misuse, resulting in a 
privacy incident. 

At home... 

^ Log in through the DHS Virtual Desktop* 

Organize your work space at home so that work files 
are separate from personal files and can be properly 
safeguarded. 

X Don’t email or save files containing Sensitive PII to 
your home computer. / 

X Don’t print agency records to 
your home printer. 

Your home computer, printer, fax, and copier all 
contain internal storage or “hard drives.” Even 
when these devices are disposed of, the information 

stored within is vulnerable. 

Take advantage of DHS collaboration tools such as 

SharePoint. 

Do not post Sensitive PII on the DHS intranet, 
Component intranet sites, SharePoint collaboration 
sites, shared drives, multi-access calendars, or on the 
Internet (including social networking sites) that can be 
accessed by individuals who do not have a “need to 
know.” 

X Don’t store Sensitive PII on SharePoint unless your 
site has been approved for such use. 

Access must be limited to those that have an official 

need to know. 

Collaboration tools provide quick, easy access to 
data, but without proper security controls, can lead 
to data winding up in the wrong hands. Sharing 

Sensitive PII with unauthorized users is considered 

a privacy incident. 

Secure your data, and ensure other household 

members do not have access to it. 

Organize your work space at home so that government 
property and information are kept separate from 
personal property and can be properly safeguarded. 

X Don’t leave files containing Sensitive data lying out in 
the open. 

Never leave Sensitive PII in view of children, spouses, 

or visitors. Sensitive PII should be secured in locked 

cabinets and your computer/Blackberry should remain 

locked when not in use. 

Failure to properly secure Sensitive records could 
result in inadvertent sharing of Sensitive PII. 


*Each Component has a different process for accessing the DHS network remotely. Please contact your Help Desk. 
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Controlling Access to a Network Shared Drive Folder 


August 2011 


Most likely your office maintains space on a DHS shared network drive. Your office controls access to its 
portion of the shared drive through a folder-based security mechanism. Typically, access to your main 
folder is restricted to the staff on your office’s main email distribution list. 


If you want to restrict access to a particular folder within your shared drive, here’s what to do: 

1. Create/identify the folder you want to control. 

2. Find the full path to that folder by: 

a. Clicking on My Computer on your desktop. 

b. Finding your network shared drive and right clicking it. 

c. In the left NAV under “Details”, the network drive path will appear, for example : 

• WZZA1 CE-0350\dhs-g\DHS\Your Office\Your Folder 

3. Create the name of an email distribution list that you’d like to use to govern access to the 
folder. Use something like “officename [folder]”. Keep it short, simple, easy to recognize in 
the GAL. This email list becomes your security group, and as the manager of this group, you 
have the ability to add and remove names of users, as needed. To do this [once the email 
list is created], open the security list in the GAL, click “modify members”, then add or remove 
users. 

4. Identify who you want to have access to that folder - you will need full DHS email addresses. 

5. Email IT Support and tell them you want to: 

a. Restrict access to a folder. Send them the full path (step 2). 

b. Create an email distribution list with the names you picked (step 3); and 

c. Add all the names/email addresses to that distribution list and give each of those 
individuals “owner” rights to the distribution list - this way anyone in that list can 
change the list if you want to add/remove names. You can also pick one person 
and give them ownership rights to add/remove people from the distribution list. 
However you do it, it’s key that someone you know can edit that list of names - 
this will give you control over who can access the folder. 

d. Restrict access to that folder so that only users on the distribution list can access 
it. You can make this a little more complex by changing the tiers of control over 
the folder. 

i. Full restriction/access - only those on the list can open the folder and 
once they’re in they can do anything they want. 

ii. Read only - you can allow anyone to read files in that folder - they 
cannot edit/delete anything - then only people on the distribution list can 
change. 

6. Then get confirmation from IT Support, and conduct a test - 

a. See if someone outside your new group can open the folder. 

b. See if someone inside your group can open the folder and change stuff in it. 

c. See if someone on your list can change the names on the list. 




